From ff191117375d57812d0125b02523bbc1123b16b1 Mon Sep 17 00:00:00 2001
From: Platonides <platonides@users.mediawiki.org>
Date: Thu, 26 Aug 2010 18:28:33 +0000
Subject: [PATCH] When the CSRF token on is not available in the session, show
 the 'you have cookies disabled' message instead of "Session problem, canceled
 to avoid session hijacking"

---
 includes/specials/SpecialUserlogin.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 6d074f3c67..5e41e3ff7f 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -272,7 +272,7 @@ class LoginForm {
 		# Request forgery checks.
 		if ( !self::getCreateaccountToken() ) {
 			self::setCreateaccountToken();
-			$this->mainLoginForm( wfMsg( 'sessionfailure' ) );
+			$this->mainLoginForm( wfMsgExt( 'nocookiesnew', array( 'parseinline' ) ) );;
 			return false;
 		}
 
@@ -657,6 +657,8 @@ class LoginForm {
 				break;
 
 			case self::NEED_TOKEN:
+				$this->mainLoginForm( wfMsgExt( 'nocookieslogin', array( 'parseinline' ) ) );
+				break;
 			case self::WRONG_TOKEN:
 				$this->mainLoginForm( wfMsg( 'sessionfailure' ) );
 				break;
-- 
2.20.1